Every so often you read something that just makes you go, "wow."
Paul Hopes was a 58-year-old with greying hair and a double chin who lived in a modest house outside Reading, a mid-sized town 40 miles west of London. He had risen to the dizzying heights of purchase-ledger manager at the UK head office of Toys 'R' Us. Paul was happily married and served as a volunteer for his local Soccer Association -- as Finance Director. Everyone liked him; he was nice quiet guy. "We just knew him as 'Paul from Finance.' He was a quiet, likeable chap," said a colleague.
Except ... he had another, parallel life, spending money on top-dollar hookers, fancy hotels, and restaurants. Even then, his generosity shone through: he paid off his favourite escorts' mortgages or bought them fancy cars -- a Bentley, in one case. (The newspaper reports showed the Bentley but not the hookers ...)
And all funded by … you’ve guessed it: Toys 'R' Us! Paul used bogus invoices, which generated some $6 million for him in under two years. Last week he changed his plea in court to 'guilty' and will be sentenced on December 18.
So once we have dismissed the slight feelings of admiration (I know they’re wrong feelings...), as procurement professionals we have to ask, "How on earth did he do it, and -- more to the point -- how on earth did Toys ’R’ Us allow it to happen?" Seems like a lot of money even for a large multi-national, and the sums he extracted ranged from £101,000 to £350,000, so these were not small amounts.
Did they have a full Purchase Order (PO) system? Unlikely, I'd guess, because if invoices can only be paid where a PO exists, fraud is much harder; he would have had to be able to create false POs and authorise them, which a full ERP process would be unlikely to allow.
So we might surmise that Toys ‘R’ Us allowed invoices to be authorised on receipt and used to generate a payment even where there was no PO. That is not unusual; I would say that most organisations are in that camp, even where they have an ERP system in place that handles the payment. In such cases, you need stronger controls on authorising the invoice and making the actual payment, but as purchase-ledger manager he may have been able to override the controls, or he may have had some personal signing authority. Or perhaps he just forged signatures, if it was a fully manual process?
But it is the final stage that most amazes me. Presumably the payments must have been booked against some budget account? So where was the manager responsible for that budget, and how did several million go unnoticed for a couple of years? Was it such a huge budget (perhaps a 'goods for resale' budget given the retail nature of the firm) that the odd million went unnoticed? Or was it just a case of managers not checking what was being charged to their cost centres? Perhaps we will never know, since he pleaded guilty.
Jason Busch tells me he believes that fraud increases when times are tough, so we might also wonder how many other organisations are going through something similar right now in blissful ignorance. What I do know is that I have seen procurement-related fraud in pretty much every job I have ever done; if you think "it couldn’t happen here/to us/in my team," then you are very naive!
So go and have a chat with your purchase-ledger manager. Ask if they know any good, really expensive hotels or Michelin-starred restaurants they can recommend (maybe best not to mention the hookers). And if they say "yes," then be afraid, be very afraid.....!
- Peter Smith